在我们公司,我目前有一个脚本可以通过 SSL 连接到 HTTPS 上的外部供应商。该脚本仅执行服务器身份验证。就是这个:
use HTML::Parser;
use HTTP::Request::Common;
use LWP::UserAgent;
use XML::Simple;
local $ENV{HTTPS_CERT_FILE} = '../cert/abc.vendor.crt';
local $ENV{HTTPS_PROXY} = 'https://proxy.com:8080';
local $ENV{HTTPS_DEBUG} = 0;
my $vendor_server = 'https:abc.vendor.site.com';
my $xml = "XML code here";
my $request = (POST $vendor_server, Content_Type => 'text/xml; charset=utf-8', Content => $xml);
my $ua = LWP::UserAgent->new();
my $response = $ua->request($request);
if ( $response->is_success() ) {
return $response;
}
else {
return "Error message";
}
这是根据需要工作的,但由于严格的合规性和安全性,我们现在需要通过自签名证书将其设为“相互身份验证”。我尝试改变HTTPS_DEBUG 为 1并在其后添加以下两行。 “myserver.crt”是我创建 CSR 后的内部自签名证书(我希望这些详细信息是正确的,我不太熟悉 SSL,这一点很明显):
local $ENV{HTTPS_CA_DIR} = '../cert';
local $ENV{HTTPS_CA_FILE} = '../cert/myserver.crt';
但是当我运行脚本时出现以下错误:
Connecting to abc over SSL and sending POST
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:SSLv3 read server hello A
SSL3 alert write:fatal:unknown CA
SSL_connect:error in SSLv3 read server certificate B
SSL_connect:error in SSLv3 read server certificate B
SSL_connect:before/connect initialization
SSL_connect:SSLv3 write client hello A
SSL_connect:SSLv3 read server hello A
SSL3 alert write:fatal:bad certificate
SSL_connect:error in SSLv3 read server certificate B
SSL_connect:before/connect initialization
SSL_connect:SSLv2 write client hello A
SSL_connect:failed in SSLv2 read server hello A
Ticket FAILED
$VAR1 = '500 SSL negotiation failed: ';
我究竟做错了什么?
感谢您提供的所有帮助!
None
本文内容由网友自发贡献,版权归原作者所有,本站不承担相应法律责任。如您发现有涉嫌抄袭侵权的内容,请联系:hwhale#tublm.com(使用前将#替换为@)
